X.509: Add bits needed for PKCS#7
PKCS#7 validation requires access to the serial number and the raw names in an X.509 certificate. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Josh Boyer <jwboyer@redhat.com>
parent
16874b2cb8
commit
84aabd46bf
@ -6,7 +6,7 @@ Certificate ::= SEQUENCE {
|
||||||
|
|
||||||
TBSCertificate ::= SEQUENCE {
|
TBSCertificate ::= SEQUENCE {
|
||||||
version [ 0 ] Version DEFAULT,
|
version [ 0 ] Version DEFAULT,
|
||||||
serialNumber CertificateSerialNumber,
|
serialNumber CertificateSerialNumber ({ x509_note_serial }),
|
||||||
signature AlgorithmIdentifier ({ x509_note_pkey_algo }),
|
signature AlgorithmIdentifier ({ x509_note_pkey_algo }),
|
||||||
issuer Name ({ x509_note_issuer }),
|
issuer Name ({ x509_note_issuer }),
|
||||||
validity Validity,
|
validity Validity,
|
||||||
|
|
|
@ -210,6 +210,19 @@ int x509_note_signature(void *context, size_t hdrlen,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Note the certificate serial number
|
||||||
|
*/
|
||||||
|
int x509_note_serial(void *context, size_t hdrlen,
|
||||||
|
unsigned char tag,
|
||||||
|
const void *value, size_t vlen)
|
||||||
|
{
|
||||||
|
struct x509_parse_context *ctx = context;
|
||||||
|
ctx->cert->raw_serial = value;
|
||||||
|
ctx->cert->raw_serial_size = vlen;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Note some of the name segments from which we'll fabricate a name.
|
* Note some of the name segments from which we'll fabricate a name.
|
||||||
*/
|
*/
|
||||||
|
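Review bot: x509_note_serial stores the `value` pointer itself into ctx->cert->raw_serial rather than copying the octets, so the certificate now carries a reference into whatever buffer the ASN.1 decoder was run on, and neither the function nor its one-line header comment says so. The existing raw_sig field appears to follow the same convention, so this is consistent with the file, but the PKCS#7 code this is added for needs to know the certificate must not outlive that buffer; I would extend the header comment to `/* Note the certificate serial number. Records a pointer to the content octets (no copy); valid only as long as the parsed data buffer is. */`. The raw_issuer and raw_subject assignments added in the two hunks below have the same property and would take the same wording. raw_serial_size is an `unsigned` field filled from a `size_t` vlen, as raw_sig_size already is; presumably the decoder bounds the length, but that is worth confirming rather than assuming.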
@ -322,6 +335,8 @@ int x509_note_issuer(void *context, size_t hdrlen,
|
||||||
const void *value, size_t vlen)
|
const void *value, size_t vlen)
|
||||||
{
|
{
|
||||||
struct x509_parse_context *ctx = context;
|
struct x509_parse_context *ctx = context;
|
||||||
|
ctx->cert->raw_issuer = value;
|
||||||
|
ctx->cert->raw_issuer_size = vlen;
|
||||||
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
|
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
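Review bot: raw_issuer is set to `value`, which — given that hdrlen is passed separately to x509_fabricate_name on the next line — presumably points at the Name's content octets with the enclosing SEQUENCE header of hdrlen bytes excluded, and nothing records that choice. Whatever later compares this raw issuer against the issuer carried in a PKCS#7 SignerInfo must capture it the same way (content only, not the full TLV), or the comparison will silently fail; a comment on the assignment such as `/* Content octets only: the Name's SEQUENCE header (hdrlen bytes) is not included */` would pin that down. The same applies to the raw_subject assignment in the x509_note_subject hunk below.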
@ -330,6 +345,8 @@ int x509_note_subject(void *context, size_t hdrlen,
|
||||||
const void *value, size_t vlen)
|
const void *value, size_t vlen)
|
||||||
{
|
{
|
||||||
struct x509_parse_context *ctx = context;
|
struct x509_parse_context *ctx = context;
|
||||||
|
ctx->cert->raw_subject = value;
|
||||||
|
ctx->cert->raw_subject_size = vlen;
|
||||||
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
|
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,9 @@
|
||||||
|
|
||||||
struct x509_certificate {
|
struct x509_certificate {
|
||||||
struct x509_certificate *next;
|
struct x509_certificate *next;
|
||||||
|
struct x509_certificate *signer; /* Certificate that signed this one */
|
||||||
struct public_key *pub; /* Public key details */
|
struct public_key *pub; /* Public key details */
|
||||||
|
struct public_key_signature sig; /* Signature parameters */
|
||||||
char *issuer; /* Name of certificate issuer */
|
char *issuer; /* Name of certificate issuer */
|
||||||
char *subject; /* Name of certificate subject */
|
char *subject; /* Name of certificate subject */
|
||||||
char *fingerprint; /* Key fingerprint as hex */
|
char *fingerprint; /* Key fingerprint as hex */
|
||||||
|
@ -25,7 +27,16 @@ struct x509_certificate {
|
||||||
unsigned tbs_size; /* Size of signed data */
|
unsigned tbs_size; /* Size of signed data */
|
||||||
unsigned raw_sig_size; /* Size of sigature */
|
unsigned raw_sig_size; /* Size of sigature */
|
||||||
const void *raw_sig; /* Signature data */
|
const void *raw_sig; /* Signature data */
|
||||||
struct public_key_signature sig; /* Signature parameters */
|
const void *raw_serial; /* Raw serial number in ASN.1 */
|
||||||
|
unsigned raw_serial_size;
|
||||||
|
unsigned raw_issuer_size;
|
||||||
|
const void *raw_issuer; /* Raw issuer name in ASN.1 */
|
||||||
|
const void *raw_subject; /* Raw subject name in ASN.1 */
|
||||||
|
unsigned raw_subject_size;
|
||||||
|
unsigned index;
|
||||||
|
bool seen; /* Infinite recursion prevention */
|
||||||
|
bool verified;
|
||||||
|
bool trusted;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
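Review bot: The new raw_serial_size, raw_issuer_size, raw_subject_size, index, verified and trusted members are added without a trailing comment, unlike every neighbouring field, and raw_issuer_size is placed before raw_issuer while the serial and subject pairs put the pointer first. I would order the issuer pair like the other two and comment the sizes, e.g. `unsigned raw_serial_size; /* Length of raw_serial in bytes */`; index, verified and trusted need a comment stating what sets them and what they mean, which this page does not show. While touching this block, the `Size of sigature` comment on the context line above is a pre-existing typo for "signature".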